Actually, Proton + your local key = don’t work very good. Usually you’ll have to use a key pair generated by Proton—sharing your sec with the provider is not good.

Nevertheless, Proton is 100 times better than Google to be sure. Those who are trying to ditch Google, Proton and Tuta are two good options to consider, also recommended by PrivacyGuides. For those who had ditched Big Tech and now starting to wonder if Proton is okay… that’s a bit tricky, still I say Proton is nod bad. I had recommended Proton to my friends until the French activist incident, followed by a few more bad incidents. Yet it’s understandable that Proton must obey it if they get a valid court order… If you’re a normal, daily user, Proton is good enough (if not the best), albeit a bit overpriced.

Let’s say I’m selling you a book B and accepting a crypto payment. What if you sent me your crypto C trusting me, but I exit-scammed, vanishing without sending you B you’re trying to buy? That’d be bad. But what if I sent you B first, trusting you’ll send me C as soon as you receive B? Now you could cheat and vanish without paying. That’d be bad too.

To prevent any of those things from happening, there are a few methods. One is a 2-of-3 escrow service. Another is 2-of-2. Both based on multisig. A simplified example follows.

The book costs you 100€. You’ll send, say, 200€ to address A controlled by both you and me via multi-signature. I too will send 100€ to A. Now Wallet A has 300€. When 2 persons (you and I) sign, there will be a 2-output transaction from A to you (100€) and to me (200€), but any single person can’t move fund from A. That’s multisig.

Now I must send you the book in a good condition, because I don’t want to lose my 100€. So I’ll act carefully and honestly, and sign when I ship the book. You too will be willing to sign when you receive the book, because otherwise you can’t retrieve your 100€ (you deposited 200, when the book only costs 100). Sometimes an unexpected accident may happen, but usually something like this will work pretty well. This is one way how a P2P platform works (not very accurate, but I hope you get the idea).

Never seriously checked these stats. As of writing this, !monero@monero.town = 1.05K subscribers and only 8 users / day, that’s the largest community here if I’m not mistaken; whereas !technology@lemmy.world = 47.1K subscribers, 974 users / day—roughly 100 times bigger, they’re a whale compared with monero.town. It seems our 2nd largest community is !privacy@monero.town: only 260 subscribers, 1 user / day. I (Saki) seem to be one of “privacy” mods, whatever it means. Is this a status automatically given after you created a certain number of new posts?

Anyway, I was assuming that most general people were seeing crypto negatively (because crypto-related posts tend to be automatically downvoted, even if it’s just an innocent joke as in memes, or a normal post like “Use p2pool, it’s zero-fee”), and was surprised to see those positive comments from “outsiders” (?). Apparently there are quite a few people who know Bitcoin was originally not like a “get rich quick” scheme, but it was experimental with some deep philosophy; and that Monero is in a way its spiritual successor.

Then again, many people in !technology@lemmy.world are probably Linux-using geeks. As such they’re tech-savvy, not representing “general people“.

Originally Bitcoin had nothing to do with “get rich quick”. It felt vaguely like Freenet. It was experimental, philosophical, mathematical, cypherpunk… Almost no one had imagined that investors were going to be interested in it and something like that fad would happen.

Unfortunately it’s not easy to get Monero. In several countries, CEXes don’t support it (delisted). Besides, getting Monero from CEX is not ideal privacy-wise. So, a typical Monero user gets it no-KYC, without using CEX. Which is legal, but rather complicated. That’s why I wouldn’t recommend Monero to regular people.

As you said, Monero is such a great way for payment in a practical sense. Very low fees (~1 cent, no matter how much you send), private (only you can authorize transaction, no need to get a permission from someone else). The community is relatively small (monero.town on Lemmy), but generally nice and cozy. We seldom, if ever, talk about investment… It’s so different from what people think when they hear “crypto”. It’s understandable that some people assume it’s just one of those alt sh*tcoins.

If what you’re talking about is something OS-level, chances are that you can trivially do the same thing. But if it’s application-level (a tool for Windows): while there’s a way to run a Windows application, apparently it’s not always perfect. If you really need to use a program that only runs on Windows, that’s a valid reason for you to keep using Windows. I hope you can find a libre alternative. You’re free to code your own tool (which behaves exactly the way you like), but admittedly that option is not always realistic.

Nevertheless, at least when doing something generic like browsing web pages or writing email, you don’t need to do that on a privacy-invasive OS. If more and more users start noticing that, Micro$soft might realize that annoying paying customers is a bad idea in the long run.

It’s preposterous to pay (buy an expensive license) to be abused!

My thought exactly, when I first read it. Still, just in case, I’d avoid using remote nodes related to Cake Wallet. It might be “honey pot flavored” cake, haha, although I’d like to believe that’s not true. Come to think of it, the monero.com domain must have been really expensive.

That is correct. Tor Browser on Tails comes with uBlock Origin. It might be that DDG (or some other financial supporters) are not happy if the Tor Project ships TB with uBlock. There are many things to be blocked by uB even on DDG, Brave, MetaGer, etc. (although obviously they are much less invasive than you-know-what search engines). Purely privacy-wise they're annoying of course. But understandably they do need to monetize something to provide search engines, and I think some of them are financially supporting the Tor Project too, or they're helping each other, so... I don't know. Just a guess.

Isn't it like Mozilla has to be nice to Google? Ultimately, doesn't this mean that end users are not making enough donations? People say privacy and freedom are important, but normal people really don't like to pay for these important things, like assuming libre is like free beer!

Moonstone Research Study Etches Doubts on Monero’s Privacy; Crypto Community Reacts

Moonstone’s investigation demonstrates, under certain circumstances, XMR transactions can sometimes be partially traced despite their privacy features. […] “Wow… not as private as everyone thinks,” one person remarked.

Simmons shared his perspective about Moonstone’s study as well and stressed that the specific tracing scenario doesn’t apply to the typical Monero user. […] He explained that the ability to trace resulted from unusual circumstances: private keys were shared with a chain surveillance company.

• Monero (XMR) Wallet Hacked: Is Coin No Longer Safe? [u today]

• Monerujo Wallet User Drains Monero’s CCS Wallet: Report [coinedition com]

• Monero (XMR) Crowdfunding Wallet Reportedly Drained by Hackers [en bitcoinsistemi com]

Thank you very much. You pointed out there: "Nobody really used it, so it ended up being unstable and full of problems" and there was a reply, saying you “can't really force anybody to use something”.

I’d like to add another point of view. With reliably working multisig, we can have our own Bisq-esque DEX (at least in principle), and many people would love to use it, once it’s really available, right? For example, one might be able to sell and buy XMR in a safe and reliable way. Or eventually, though this might sound like a pipe dream but at least in theory, we might have a P2P proxy-store, where basically anyone can offer doing any shopping they can do for you. Just like on Bisq, both send securities first to discourage any cheats. When the seller ships whatever you’re buying, they “confirm” (or sign). When you receives it and everything is fine, you confirm too. Then, and only then, your security will be back and the seller will receive the locked xmr you initially deposit, and everyone will be happy. Multisig seems necessary (if not sufficient) for this to work.

we had become complacent because everything had "worked just fine" for so long.

This comment of fluffyponyza is also understandable. Generally, a programmer doesn’t want to change things when it’s working fine. “If it ain’t broke, don’t fix it.” In this case, something was (easy to) broken, though. Hindsight is 20/20.

Given that multisig is already available (just not yet well-tested), let’s stop joking like “We should keep our Monero in some other coin,” and try to think a bit more positively. At the very least it has been clearly demonstrated that Monero is so private that even core developers can’t trace it…

Troddit version links (a Tor-friendly instance) https://troddit.esmailelbob.xyz/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/k7mj2he - Onion -> http://troddit.esmail5pdn24shtvieloeedh7ehz3nrwcdivnfhfcedl7gf4kwddhkqd.onion/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/k7mj2he

It is interesting that it took nine transactions to empty the CCS wallet. Is that indicative of somebody new to monero?

Not sure but perhaps they weren’t able to send it in one go for technical reasons (like byte size limit), as inputs would have been too many (a lot of relatively small coins, originally received from many supporters)?

Firstly relatively small 23527 B. They did a small “test”? https://localmonero.co/blocks/search/ffc82e64dde43d3939354ca1445d41278aef0b80a7d16d7ca12ab9a88f5bc56a

Then bigger like 101 KB https://localmonero.co/blocks/search/08487d5dbf53dfb60008f6783d2784bc4c3b33e1a7db43356a0f61fb27ab90cc https://localmonero.co/blocks/search/4b73bd9731f6e188c6fcebed91cc1eb25d2a96d183037c3e4b46e83dbf1868a9 https://localmonero.co/blocks/search/8a5ed5483b5746bd0fa0bc4b7c4605dda1a3643e8bb9144c3f37eb13d46c1441 etc.

Thanks :) It’s great that nitter.net stopped blocking Tor again! I happened to notice that a while ago too, via c/monerochan https://monero.town/post/901193 - ideally privacy advocates should stop using Twitter itself though…

The most centralized part of the Monero network may be mining (i.e. potential weakness, as a centralized pool is an easy target for “them” to shut down), without which the network wouldn’t work. Ideally, if possible, users may want to consider running p2pool too, not just a full node. Like monerod, p2pool can be a background task, not using full cores, so one can still use their computer like normally, even if it’s not a dedicated box for mining.